Added Github scanner

.github/workflows/repo_scanner.yml

@@ -0,0 +1,64 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+
+on:
+  schedule:
+    - cron: '00 7 * * *'
+
+#on:
+#  push:
+#    branches: [ master ]
+#  pull_request:
+#    branches: [ master ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    strategy:
+      matrix:
+        python-version: [3.6]
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: montudor/action-zip@v0.1.0
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip3 install truffleHog3
+
+      #Create Report directory for all reports
+      - name: Create directory for reports
+        run: mkdir Reports_`date +%d%b%y`
+
+      # Runs scan
+      - name: Run Trufflehog3
+        run: python3 $GITHUB_WORKSPACE/git-scanner-config/repo_scanner.py $GITHUB_WORKSPACE/git-scanner-config/rules.yaml $GITHUB_WORKSPACE/git-scanner-config/batch.txt $GITHUB_WORKSPACE/git-scanner-config/config.yaml
+
+      # Zip complete report directory
+      - name: Zip the reports directory
+        run: zip -r ./Reports_`date +%d%b%y`.zip ./Reports_`date +%d%b%y`
+
+      #upload report
+      - name: Upload report to confluence
+        run: 'curl  args: -u ''${{secrets.reporting_user}}:${{secrets.reporting_user_secret}}'' --request POST -F file=@./Reports_`date +%d%b%y`.zip -H ''Accept: application/json'' -H ''X-Atlassian-Token: no-check'' --url https://mosip.atlassian.net/wiki/rest/api/content/45285493/child/attachment'
+
+      #upload report
+#      - name: Copy report to folder
+#        run: cp ./Reports_`date +%d%b%y`.zip $GITHUB_WORKSPACE/git-scanner-config/
+
+      #Delete the reports from deployment server
+      - name: Delete directory for reports
+        run: rm -Rf ./*

git-scanner-config/batch.txt

@@ -0,0 +1,23 @@
+https://github.com/mosip/abis-testing-kit.git
+https://github.com/mosip/admin-services.git
+https://github.com/mosip/biosdk-testing-kit.git
+https://github.com/mosip/commons.git
+https://github.com/mosip/documentation.git
+https://github.com/mosip/durian.git
+https://github.com/mosip/id-authentication.git
+https://github.com/mosip/id-repository.git
+https://github.com/mosip/mds-testing-kit.git
+https://github.com/mosip/mosip.git
+https://github.com/mosip/mosip-acceptance-tests.git
+https://github.com/mosip/mosip-config.git
+https://github.com/mosip/mosip-functional-tests.git
+https://github.com/mosip/mosip-infra.git
+https://github.com/mosip/mosip-mock-services.git
+https://github.com/mosip/mosip-ref-impl.git
+https://github.com/mosip/partner-management-services.git
+https://github.com/mosip/pre-registration.git
+https://github.com/mosip/print.git
+https://github.com/mosip/registration.git
+https://github.com/mosip/reporting.git
+https://github.com/mosip/resident-services.git
+https://github.com/mosip/test-orchestrator.git

git-scanner-config/config.yaml

@@ -0,0 +1,18 @@
+skip_strings:
+  /:
+    - cipher
+    - cypher
+
+skip_paths:
+  - .*.pdf
+  - .*.object
+  - .*.zip
+  - .*.jpg
+  - .*.dat
+  - .*.gif
+  - .*.dll
+  - .*.pf
+  - .*.jar
+
+no_entropy: true
+no_history: true

git-scanner-config/repo_scanner.py

@@ -0,0 +1,22 @@
+import os
+import sys
+
+rulefile = sys.argv[1]
+batch = sys.argv[2]
+config = sys.argv[3]
+
+file = open(batch, 'r')
+count = 0
+# Using for loop
+for line in file:
+    count += 1
+    tag = (line.strip().split("/"))
+    name = tag[-1].split(".")
+    path = line.strip()
+    tag2=batch.split("/")
+    bname = tag2[-1].split(".")
+    batchname = bname[0]
+    print("--------------------------- Scanning GitHub Repo:  " +name[0]+ " -----------------------------------")
+    os.system('trufflehog3 -v -c '+config+' -r '+rulefile+' '+path+' -f html -o ./Reports_`date +%d%b%y`/'+name[0]+'.html')
+# Closing files
+file.close()

git-scanner-config/rules_mosip.yaml

@@ -0,0 +1,43 @@
+SecretKey: "[s|S][e|E][c|C][r|R][e|E][t|T].*[A-Za-z]+\\d+.*$"
+Generic Email ID: "[a-z0-9!#$%&'*+=?^_‘{|}~-]+(?:\\.[a-z0-9!#$%&'*+=?^_‘{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
+IP Address: "\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b"
+Specific Password: "[p|P][a|A][s|S][s|S].*[a-z0-9]{1,15}-[a-z0-9]{1,15}-[a-z0-9]{1,15}-[a-z0-9]{1,15}-[a-z0-9]{1,15}"
+Generic Password: "[p|P][a|A][s|S][s|S].*(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,40}"
+Slack Token: "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})"
+RSA private key: "-----BEGIN RSA PRIVATE KEY-----"
+SSH (DSA) private key: "-----BEGIN DSA PRIVATE KEY-----"
+SSH (EC) private key: "-----BEGIN EC PRIVATE KEY-----"
+PGP private key block: "-----BEGIN PGP PRIVATE KEY BLOCK-----"
+Amazon AWS Access Key ID: "AKIA[0-9A-Z]{16}"
+Amazon MWS Auth Token: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+AWS API Key: "AKIA[0-9A-Z]{16}"
+Facebook Access Token: "EAACEdEose0cBA[0-9A-Za-z]+"
+Facebook OAuth: '[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*[''|"][0-9a-f]{32}[''|"]'
+GitHub: '[g|G][i|I][t|T][h|H][u|U][b|B].*[''|"][0-9a-zA-Z]{35,40}[''|"]'
+Generic API Key: '[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*[''|"][0-9a-zA-Z]{32,45}[''|"]'
+Generic Secret: '[s|S][e|E][c|C][r|R][e|E][t|T].*[''|"][0-9a-zA-Z]{10,50}[''|"]'
+Google API Key: "AIza[0-9A-Za-z\\-_]{35}"
+Google Cloud Platform API Key: "AIza[0-9A-Za-z\\-_]{35}"
+Google Cloud Platform OAuth: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+Google Drive API Key: "AIza[0-9A-Za-z\\-_]{35}"
+Google Drive OAuth: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+Google (GCP) Service-account: '"type: "service_account"'
+Google Gmail API Key: "AIza[0-9A-Za-z\\-_]{35}"
+Google Gmail OAuth: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+Google OAuth Access Token: "ya29\\.[0-9A-Za-z\\-_]+"
+Google YouTube API Key: "AIza[0-9A-Za-z\\-_]{35}"
+Google YouTube OAuth: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+Heroku API Key: "[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}"
+MailChimp API Key: "[0-9a-f]{32}-us[0-9]{1,2}"
+Mailgun API Key: "key-[0-9a-zA-Z]{32}"
+Password in URL: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
+PayPal Braintree Access Token: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
+Picatic API Key: "sk_live_[0-9a-z]{32}"
+Slack Webhook: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
+Stripe API Key: "sk_live_[0-9a-zA-Z]{24}"
+Stripe Restricted API Key: "rk_live_[0-9a-zA-Z]{24}"
+Square Access Token: "sq0atp-[0-9A-Za-z\\-_]{22}"
+Square OAuth Secret: "sq0csp-[0-9A-Za-z\\-_]{43}"
+Twilio API Key: "SK[0-9a-fA-F]{32}"
+Twitter Access Token: "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}"
+Twitter OAuth: '[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[''|"][0-9a-zA-Z]{35,44}[''|"]'